You are Home   »   News   »   View Article

New strategies for Intelligent Energy from BP, ExxonMobil and Schlumberger

Thursday, September 4, 2014

The technical sessions at this year's Intelligent Energy conference in Utrecht (April 2014) included talks from BP on measuring DOFF maturity; BP on managing control system safety overrides; ExxonMobil on maintaining control system security; Schlumberger on reducing people onboard; and Eigen on helping drillers get compliant with control systems security standards

DOFF maturity
Dave Feineman, senior advisor on technical business processes at BP's Field of the Future project, talked at this year's Intelligent Energy conference (Utrecht, April 2014) about efforts BP has made to define and assess the maturity of its implementations of Digital Oilfield of the Future (DOFF).

The idea of talking about 'maturity' for a technology implementation is not something new, but it requires some kind of agreement about what counts as mature, he said. 'There's no agreed, model about how DOFF should be implemented.'

'The road ahead is not very easy to discern. We can't [even] agree on what a digital oilfield is,' he said. 'And some projects have proven unsustainable.'

There are many ways which DOFF maturity can be assessed, including various standard schemes for capability maturity, but to do a maturity assessment of a digital oilfield project is 'difficult and time consuming,' he said.

BP has made a lot of effort to track value generation from a DOF project, he said. Actually it has tried this 5 times. It sent out questionnaires to people in 2003 and 2005.

The questionnaire got too long in 2005, so it did a shorter form in 2006. In 2013 it switched to doing gap and opportunity analysis.

'It was all a learning experience,' he said.

Managing safety overrides
Brett Grange, a D2D (device to device) program engineer at BP, gave a talk at Intelligent Energy about his work developing a systematic way to manage the use of safety overrides in the company.

A 'safety override' is when there is a system for switching off a safety control.

For example, a vehicle could be designed so that an alarm sounds if someone sits in a seat without a seatbelt on, based on sensors in the seat and in the seat belt clasp. The driver could be given a 'safety override' to silence the alarm if the seat is actually holding a bag of potatoes, not a person.

In oil and gas operations, safety overrides are required to stop safety alarms sounding during special processes, for example when doing maintenance.

The problem occurs when safety overrides are kept permanently switched on because life is easier without a warning in your car when someone doesn't have a seatbelt on, or people forget.

So it is important to have a system to carefully manage when they are used, how their use is approved, and how to make sure the override is disabled afterwards, he said.

'We wanted something that could be implemented globally,' Mr Grange said. 'It has to be done in a way which manages and mitigates risk.'

The first step was to build an electronic logbook, where people can report which safety overrides have been implemented. This means that the information is available to everyone. The system has been used in 27 locations, including the North Sea, Azerbaijan, Angola, Trinidad and Oman. 'It makes overrides more visible to the operations personnel,' he said.

The first version of the logbook was intended to help people be aware of what overrides were in place.

The second update manages how long the overrides are in place.

In the third update, the company started to categorise overrides, and introduced a concept of long term overrides.

The fourth update included easy access to risk assessment information.

In the fifth update there is a form to request approval to implement a safety override, and version control for risk assessment documents.

In the sixth update, there are systems to make it easier to audit, and there is a pre-request stage (so you can request permission to implement an override, before you actually have to do it).

In the seventh update there were tools to bulk upload risk assessments.

In future the tool will be developed to include local language options, local management of approvals, and clearer lines of communication.

Darrell Pitzer - control systems security
Darrell Pitzer, control systems architecture advisor with ExxonMobil, talked at Intelligent Energy about some of the challenges with cyber security for control systems.

Control system equipment can often be used for decades. 'Systems have a life greater than 10 years, often greater than 20 years,' he said. 'It is hard to upgrade these things.'

It is also very difficult to build test systems for control system equipment, and many different groups of skill sets are required to understand it, he said. Also older equipment was designed with less priority given to cyber security.

Meanwhile hackers are continually building their knowledge. Hackers have built tools and search engines to help find control system devices over the internet, and have found over half a million control system devices so far.

Hackers are already discovering ways to exploit wireless communication and also virtualisation, where you use one server to do work previously done with several.

'The only solution is to manage the risk,' he said.

'You can't eliminate the risk. The question is, what do you have to spend to reduce the risk to a level you are comfortable with.' Many companies have barred removable media (for example memory sticks) from their companies, as a result of STUXNET (a virus which caused damage to Iranian nuclear installations, transferred into the system via a memory stick).

Another process is known as 'defence in depth', where you have to get through several security layers. For example you might have a two factor authentication to log on to your corporate networks.

If you have obsolete systems which can't be upgraded, 'you have to do what you can to make them inaccessible to the rest of the network,' he said.

There is a growing league of professional 'penetration testers', people who you employ to test your system to see how easily it can be hacked. The testing has to be 'completely passive' to ensure that the test itself does not cause any problems, he said.

He was asked if it is possible to find penetration testers who understand industrial control systems. 'We found one they are very happy with. The penetration market is just discovering the industrial control space,' he said.

Eigen - helping drillers with ISA99
Murray Callander, chief technical officer with integrated operations technology company Eigen, talked at Intelligent Energy about some of the work Eigen has done to help operators of drilling rigs get compliant with the ISA99 standard for industrial automation and control systems security.

Eigen started one project in 2009 to get a drilling rig compliant with ISA99, redesigning the way data was stored and transmitted on the rig.

'The vision was one cable. Each company just plugs in one cable and they get access to everything they need (and nothing they don't need),' he said.

The company had a very complex and vulnerable data communications network, with rig operations outsourced to a third party, multiple companies working on the rig and a data communication network built organically over the years, with no knowledge of what was connected to what.

This meant that there was no means of controlling the entry or exit points for data, or users, including remote access, he said.

'The more complex the system, the more the scope for fragility. Robustness and resilience are essential. The system we deployed had to be more resilient than any of the systems it interconnected.'

Eigen designed a high-availability structured data and communications system to replace it, which could tolerate failure of about 50 per cent of components, he said.

The real time drilling data from the rig can now be sent to the oil company and other companies over the internet using WITS or WITSML data standard, as well as OPC. There is a central server which can receive data from the drilling control systems via WITS, WITSML or OPC.

The Drilling Control and Monitoring System (DCMS) is completely protected. It is not possible to access the drilling control systems via the internet, or even from other networks on the rig.

To make sure it would work, Eigen built a mobile testing kit so it could visit the various software vendors and test out their software with it. 'We had to get into every single interface and understand the workflows,' he said. 'We had to map and take apart every single interface.'

The Realtime Drilling Information System (RDIS) was implemented for the client in November 2013, and 3 wells had been drilled using it by April 2014. 'The system was installed in the construction yard and was available as soon as the rig was on station.

There's zero non productive time associated with it,' he said.

As a result of all the testing carried out, the system has been modularised and can be deployed as a package on other rigs. 'It has proved that it is possible to engineer systems that are both secure and easy to use,' Mr Murray said. 'It moves us towards our goal of being able to deliver a capability, not just a technology.'

To improve the system further, Eigen is looking at increasing resilience even further using solid state hard drives, among other things, which are less prone to failure, and improving systems for remote anagement, he said.

Reducing people offshore for drilling

Schlumberger has a trial scheme to see if it might be possible to reduce the number of people who are involved in a drilling project, by having two of the traditional four man crew working remotely, said Schlumberger's Leonardo Toco at the Intelligent Energy conference.

Remote drilling [having remote staff supporting drilling work] has been widely done around the world on land based jobs, but not much on offshore, due to higher operational risks.

Reducing manpower for offshore work could have much bigger benefits, due to increased safety benefits of having less people offshore, and freeing up rig space.

If you have 50 drilling rigs in a certain part of the world, taking two people from each rig means a 100 person reduction in people on board, he said, or 100 beds freed up for someone else.

The experiment was made for specific drilling tasks, including MWD tool programming, acquisition system configuration, prejob quality checks and daily drilling reporting.

In order to have remote crew working on a drilling project, a reliable satcom link is essential. You need to ensure that the data communications is sent over the network by high priority and have a dependable backup link, he said.

In a trial, the company found that most of the time the communication is made using online chat and voice communication.

The company also found that the drilling rate (counted in feet per pump hour) went up and the non-productive time went down, he said.

Associated Companies
» Intelligent Energy Event
comments powered by Disqus


To attend our free events, receive our newsletter, and receive the free colour Digital Energy Journal.


Latest Edition Jan-Feb 2024
Jan 2024

Download latest and back issues


Learn more about supporting Digital Energy Journal